Hunting for Attacker Footprints and Building a Resilient AD

Hunting for Attacker Footprints and Building a Resilient AD

How do we find the evidence of these attacks, and what does a truly hardened, resilient Active Directory look like?

How Attackers Achieve Persistence and How to Kick Them Out

Today if you've detected an attack and changed the compromised user's password. You're safe, right? Not if the attacker has already established persistence. A sophisticated attacker's goal is to ensure that even if their initial entry point is discovered, they have multiple backdoors to get back in.

Active Directory Unlocked - Episode 3

Welcome back to "Active Directory: Unlocked," the podcast dedicated to demystifying the complexities of Active Directory security and empowering you to build a more resilient digital fortress. Continuing our Active Directory Unlocked series, in our last post we highlighted the perils of dangerous permissions in Active Directory [https://educ4te.com/blog/broken-trust-how-attackers-turn-your-own-permissions-against-you] and by treating permissions as the powerful weapons they are, how you can prevent attackers from turning your own infrastructure against you.

Active Directory Unlocked - Episode 2

Welcome back to "Active Directory: Unlocked," the podcast dedicated to demystifying the complexities of Active Directory security and empowering you to build a more resilient digital fortress. In our last episode with Alpesh, we meticulously removed the attacker's primary reconnaissance tools, effectively taking away their map of your network. But what if, despite your best efforts to secure the perimeter and obscure the landscape, the attacker finds a secret, often overlooked, tunnel right into the heart of your systems? What if the map they thought they had was never the real danger, but rather a misconfigured side entrance they could exploit? Today, we’re diving deep into some of the most insidious and commonly abused attack vectors: broken trust, specifically focusing on the often-misunderstood vulnerabilities inherent in misconfigured Group Policy Objects, or GPOs, and Access Control Lists, known as ACLs.

Active Directory Unlocked - Episode 1

As a security professional, I'm always looking at the "how" behind the breaches we hear about. This week, we start a new series on Microsoft Active Directory Unlocked! The blog posts series on https://educ4te.com [https://educ4te.com] is an extension of the podcast series. It highlights a critical, and often overlooked, step attackers take: mapping your Active Directory (AD) from the inside out using low-privilege accounts.